Getting infected


Mrkvonic
June 7th, 2005, 09:17 AM
Hi,
I noticed several threads dealing with stealthy viruses, heuristics etc. People were discussing the best method of keeping safe. Some suggest anti-virus, others programs like PG etc. I think the best protection is to simply limit the scope of internet explorations to what is reasonably safe.
My poetic allegory (metaphor?) goes like this:
PG is your kevlar vest and AV is your pistol. So if you walk into a gang hood, you got a good chance of coming out of there safe. But . . .
Why not avoid such places in the first place?
When I surf, I never visit sites that deal in cracks, or (too) many porn sites, or any chats or gambling sites. Most of my internet activity is a few forums, some site here and there, nothing fancy. I do p2p, but the stuff I download are mime Hungarian movies from '20s (and such) no leet haxor would ever consider worth the effort because only 23 people in the world would like those.
So, the greatest threat I have are emails . . . of which I receive 4 a week and erase them without opening.
Safe user-limited surfing will prevent 90% of problems. The remaining 10% could be dealt with using layered approach. Or Linux.
The real problem exists for those for whom chats, warez and cracks are 99% of their internet activity, plus they have messenger cause it's kool and they don't have sp2 installed cause it sucks and gives them a gip. And clicking open mails in the blind with Outlook Express (unpatched) and preview pane enabled.
It's not safe out there. So we should act with restraint. The same way the world is limited to us, the Internet should be too. Iraq is not safe to go to, and neither are crack sites . . . just avoid them.
And finally, if you get some ugly disease, just hit format c:. It's the best cure for all problems.
Mrk

Pollmaster
June 7th, 2005, 10:29 AM
-{ Quote: "Most of my internet activity is a few forums, some site here and there, nothing fancy. I do p2p, but the stuff I download are mime Hungarian movies from '20s (and such) no leet haxor would ever consider worth the effort because only 23 people in the world would like those." }-

Make it 24 now :). Now that you have painted a target on your head.....
Just kidding.


-{ Quote: "PG is your kevlar vest and AV is your pistol. So if you walk into a gang hood, you got a good chance of coming out of there safe. But . . .
Why not avoid such places in the first place?" }-

If you don't test how do you know your kevlar vest is not made of butter instead?

-{ Quote: "And finally, if you get some ugly disease, just hit format c:. It's the best cure for all problems." }-

Most problems, not all, according to rumours :)

Matt_Smi
June 9th, 2005, 01:32 AM
I agree with your points, yes you can have all these security programs but at the end of the day it all comes down to how you use your computer that really determines your protection. By not going to porn/crack sites, not using a p2p program and watching what you download your chances of getting infected are very low. With my habits I honestly believe I could run my computer just fine with no AV or other security programs, just my routers firewall. I did a reformat last year and since then out of all the malware scanners I have run on my computer the most anything has ever found is a tracking cookie, one that is installed by some windows updates (Alexa), that’s it.

So why am I security paranoid? The reason I had to do that reformat was because of a few virus that I got hit with when I was using McAfee last year. Before getting infected I knew little about computer security, I only had McAfee and Ad-Aware and I used p2p and surfed porn sites. I went like this for almost a year without and major spyware or viruses, but then I got hit with a hijacker and a few viruses/Trojans from a porn site. It was one of the best things that could have happened because in the processes of trying to remove them I learned a ton about computers and began the transformation into a security conscious computer user. After I did the reformat I vowed to never go to porn sites or use p2p again (on this computer anyway). Now I mainly like to have a good defense for peace of mind, and I think I share that reason with a lot of users here. I have seen what malware can do to computers and how it can ruin computing. Now I am sure there are some people that build up a good defense so they can use p2p and surf on the dangerous side of the web and thats cool too.

alien51
June 9th, 2005, 02:29 AM
I don't share your opinion Mrkvonic, the points you suggest are just not enough to keep you safe. Remember that the "gang in the hood" can always come to you! ;) With the minimal "armor" that you suited up to face this war you are still vulnerable to DoS type of attacks. Attacks targeting flaws in your OS could make you crash too. And depending on how you configured your system you could be sharing your secrets with the bad guys and they wouldn't even have to install anything to get them! How about memory resident malicious codes? There are too many possibilities...

And why do you think only crack and porn sites are the root of all evil? Can you really trust established companies? Are you sure they are looking out 100% for YOUR interests? Spyware was not meant to be harmful, only track what you do for Marketing purposes. Is spyware safe to you?

And have you thought about how to protect the innocent? You may have a good understanding on where you can go and what you can do to be safe but how about your children? Or your employees? Or that blonde chick you've been day dreaming about? ;D

The only thing I agree with is that the less you use, the less you risk yourself. At the limit, not using at all gives you 100% safety. Unplug it from the wall and you've got the best protection.

Notok
June 9th, 2005, 03:03 AM
Indeed, don't forget about things like download.ject and the spyware that came through the pop lyrics site (I want to say Eric Clapton, but don't think that's right.. same genre, though.) The sites you visit may be trustworthy, but what about their advertisers? Google is a good example. There's also always the possibility that the site can be hacked or DNS servers can be poisoned, too. Heck, one of the servers on the Jabber network had a rootkit running for a full year, you can imagine the potential for that one. Taking the standard precautions is a given, but it's no substitute for at least the standard defenses, nor the other way around. I considered my habits to be similar to Mrkvonic's, but when I went through my cookies the other day I realized that I went to a lot of places I had forgotten about. We all end up on pages that could potentially infect us, seedy or not.

One thing to keep in mind, too, regarding the subject of "safe hex" and "common sense" is that we all had to start somewhere. There have been a few good posts on the subject, but all too often it seems like this subject gets brought up with a bit of a chip on the shoulder of the speaker, which can really only intimidate those that need that kind of advice the most. I can only imagine how many newcomers read those posts and think: "well, I thought I was using common sense, what am I doing wrong? I only open email from people and places I trust.. I'll probably just get called an idiot if I post." This thread is definitely a good start, though :)

Perhaps, Pollmaster, you'd like to apply some of that eloquence to posting some advice? It seems like you're good at intellectual jabs, but I've yet to see anything really productive.

I've added a few good starting places to the page in my sig, including a link to a vendor site that hosts one of my own "essays" ;) (link added yesterday, among several others.)

System hardening is another measure that I'd like to point out (of course.) This is something that can save you from a significant amount of threats without adding yet more programs to the system tray. If you added nothing more to the standard AV and FW defense, this would be my recommendation.

Pollmaster
June 9th, 2005, 11:12 AM
-{ Quote: "With the minimal "armor" that you suited up to face this war you are still vulnerable to DoS type of attacks. Attacks targeting flaws in your OS could make you crash too. And depending on how you configured your system you could be sharing your secrets with the bad guys and they wouldn't even have to install anything to get them! How about memory resident malicious codes? There are too many possibilities..." }-

Yes and sadly, nothing much is really going to protect you against DoS attacks if you are running servers, and crashing Windows OS? That's known to be trivial.

I'm not sure what 'memory resident malicious codes' are though. Most of the malware I know are memory resident.

-{ Quote: "The only thing I agree with is that the less you use, the less you risk yourself. At the limit, not using at all gives you 100% safety. Unplug it from the wall and you've got the best protection." }-

There is no 100% safety yes, but loading up and using security software that you don't really understand isn't much better.

richrf
June 9th, 2005, 11:13 AM
Hi Mrkvonic,

Unfortunately, it does not appear that "safe surfing" is adequate. During the last year I cleaned several machines for friends and family whose surfing habits were not only safe, but downright non-existent.

How did the trojans and spyware (I netted 6 keyloggers during this time) come into being on these machines? Impossible to say. They all had AVs on their machine (mostly Norton, but in one case it was Trend Micro), and all people were familiar with the problems of surfing the net.

I can tell you that in one case, I visited a site that looked totally benign and I was hit with some malware that KAV caught.

So my approach is Murphy's Law - "If something can happen, it will", and I plan accordingly. That is, good locks on the door.

Rich

Pollmaster
June 9th, 2005, 11:44 AM
-{ Quote: "I considered my habits to be similar to Mrkvonic's, but when I went through my cookies the other day I realized that I went to a lot of places I had forgotten about. We all end up on pages that could potentially infect us, seedy or not." }-

All good points. On a slightly off-topic note, you can block third-party cookies, though I know you are concerned about more than that. You can even restrict images to downloading only those on the same domain. Not sure of other objects though, like external JS scripts, CSS etc.

My view is, when I and others promote safe hex, I'm not saying don't harden your system, don't patch, don't run any security software at all and the power of positive thinking will protect you!

I'm promoting what the Buddhist would go "Right Action", and this involves not only right surfing habits but also right amounts of patching and software.

I certainly don't subscribe to the opinion that unless you run PG+RD+KAV (or NOD + some AT), you are a big security risk.


-{ Quote: "One thing to keep in mind, too, regarding the subject of "safe hex" and "common sense" is that we all had to start somewhere. There have been a few good posts on the subject, but all too often it seems like this subject gets brought up with a bit of a chip on the shoulder of the speaker, which can really only intimidate those that need that kind of advice the most." }-

Nice jab.

-{ Quote: "I can only imagine how many newcomers read those posts and think: "well, I thought I was using common sense, what am I doing wrong? I only open email from people and places I trust.. I'll probably just get called an idiot if I post."" }-

I'm actually trying to counter the FUD being spread by some people who are barely above the level of newbie who like to declare that without <insert cool toy they use>, it's only a matter of time before you are infected. They post over and over the same stories of how their friends are idiots, the same advertisements of their favourite products, their 'proactive' strategy etc.

Probe a little and it turns out they have no clue about what they are saying.

-{ Quote: "Perhaps, Pollmaster, you'd like to apply some of that eloquence to posting some advice? It seems like you're good at intellectual jabs, but I've yet to see anything really productive." }-

Notok, I've never "jabbed" you, right? Nor a lot of other people who post sensible advice, even though we disagree about the value of certain policies.

The only ones who get "jabbed" are the ones who post without thinking, quote text blindly without seeing if it applies to justify spreading FUD, mouth mindless slogans like 'proactive defense' and 'layered security' whenever they have nothing concrete to say.

It's difficult to be productive, I think, because the problem as I see it is that the people who need the advice most are the very same people running around trying to play "Security expert" to all their friends.

They deny that of course if pressed, so would I :).

-{ Quote: "System hardening is another measure that I'd like to point out (of course.)" }-

Yes, I know that's your pet topic :)

alien51
June 9th, 2005, 02:51 PM
-{ Quote: "Yes and sadly, nothing much is really going to protect you against DoS attacks if you are running servers, and crashing Windows OS? That's known to be trivial." }-

Depending on the size of the DoS, yes, there is really not much that can be done (even big corporations have fallen to DoS). But you can use routers and personal firewalls to defeat a certain level of attack. That is leaps and bounds more protection than "safe hex".

-{ Quote: "I'm not sure what 'memory resident malicious codes' are though. Most of the malware I know are memory resident." }-

I'm only referring to the possibility that you don't need to install anything to get infected. Of course the infection is terminated once you reboot, but if you don't know and are re-infected...

-{ Quote: "There is no 100% safety yes, but loading up and using security software that you don't really understand isn't much better." }-

I know what you are referring to, even the best security scheme can fail due to user misconfiguration. But what do you prefer: a clueless user that uses his common sense or a clueless user that uses common sense, a firewall and an AV? See what I mean?

How much security is enough is *very* hard to determine. It is only logical that too much or too little is a bad idea. All the scenarios in between are personal preferences based on perceived risk exposure.

Notok
June 9th, 2005, 03:11 PM
-{ Quote: "Notok, I've never "jabbed" you, right? Nor a lot of other people who post sensible advice, even though we disagree about the value of certain policies.

The only ones who get "jabbed" are the ones who post without thinking, quote text blindly without seeing if it applies to justify spreading FUD, mouth mindless slogans like 'proactive defense' and 'layered security' whenever they have nothing concrete to say.

It's difficult to be productive, I think, because the problem as I see it is that the people who need the advice most are the very same people running around trying to play "Security expert" to all their friends.

They deny that of course if pressed, so would I." }-

Lol, had a feeling you might take it as a jab, but no. I thought about it, but generally prefer to keep things going at face value. I can appreciate some of the jabs that you make, some of them actually make me snicker out loud, but sometimes you gotta give alternatives too, give something to those that otherwise might get caught up in the claptrap. This was actually some of the same reasoning behind the pages I put up. The idea was to give a fully rounded set of resources that I can point anyone in the direction of so they can choose for themselves, regardless of my opinion. I plan to write more, and link others' writings (once I get permission), but the Langa letters will have to do for the time being. Bottom line regarding "jabs", though, is that when there's something on my mind, I generally leave no room for doubt ;)

Poller
June 10th, 2005, 10:18 AM
-{ Quote: "Depending on the size of the DoS, yes, there is really not much that can be done (even big corporations have fallen to DoS). But you can use routers and personal firewalls to defeat a certain level of attack. That is leaps and bounds more protection than "safe hex"." }-

I'm curious, do you know of any home user who has been the target of a DoS?
Is it really that serious a threat? All I can find is this
http://www.irchelp.org/irchelp/nuke/ and that's hardly a big deal.

Not that I don't appreciate routers and firewalls mind you, but justifying them by throwing around the word DoS attack doesn't really impress me.

About malicious memory resident code.

-{ Quote: "I'm only referring to the possibility that you don't need to install anything to get infected. Of course the infection is terminated once you reboot, but if you don't know and are re-infected..." }-

Any process that is executed I think would go into memory. This includes anything installed by the user. I'm not sure talking about "malicious memory resident code" helps your point, since most all malware I can think of falls into that category.

Or do you mean something more specific? If so, please give examples of what falls into this category and examples of malware which do not fall into "malicious memory resident code".

Talking about installing, I think, is just shorthand for saying a process started/executed by the user.
The issue at hand is, how often do malicious processes execute that are not a result of any user interaction (or installation)?

I can think of the following possibilities

1) Processes started by other processes already running.

Arguably, if this process started is malicious you are screwed yes, but as mentioned below, this is a case where you were screwed the second you decided to trust and install this program anyway, since it could have done its evil work the very second you ran it anyway.

2) Bugs in the software that lead to remote execution of code.

This is somewhat rare as long as you keep fully patched. A very few of the examples given by Notok above pertain to this category, though I suspect Notok would be hard-pressed to mention more cases of zero day exploits affecting home users.

So no, I think when it comes down to it, in most cases, if you are hit, it means you have failed to practice safe hex in some way. The rare exceptions are when you are targeted with a new exploit that is unknown, of course. Not much you can do about that.

-{ Quote: "I know what you are referring to, even the best security scheme can fail due to user misconfiguration. But what do you prefer: a clueless user that uses his common sense or a clueless user that uses common sense, a firewall and an AV? See what I mean?" }-

Your options are impossible, since a user who uses common sense is by definition not clueless.

And as explained to Notok, I'm not against security software. But I myself have done the same as Matt and gone around with nothing but a router, and I'm clean. So have many other people I know, even 'clueless' people who don't hang out at security hobbyist forums.

Isn't that impossible ?


PS Do you really need an AV to tell you some strange email, from someone you don't know or with a short vague message, with a strange/dangerous attachment extension, is a worm?

Starrob
June 10th, 2005, 10:57 AM
I disagree that there is not much that can be done against a zero day exploit. There are more than a few companies out there developing solutions that block unknown exploits....some work better than others but there are some solutions to zero day exploits and some solutions are getting better and better each day.

-{ Quote: "So no, I think when it comes down to it, in most cases, if you are hit, it means you have failed to practice safe hex in some way. The rare exceptions are when you are targeted with a new exploit that is unknown, of course. Not much you can do about that." }-

Now I also believe that common sense is the best defense but it is also good to have to have some protection. I know that I use a lot of common sense but there are some days that I am just clicking on things fast and there have been times that I have clicked on the wrong thing or have done the wrong thing and I feel safer having the security software that I have on my computer on here......especially since I do a lot of traveling with this laptop and hook up into all types of networks all over the world (In a few days I will be going to Singapore, my favorite city).

I happen to like having some of the security that I have on my computer when I hook up to some strange network in Indonesia or the Philippines or some place like that.....but then again...I am not the average user.

Starrob

alien51
June 10th, 2005, 02:13 PM
-{ Quote: "I'm curious, do you know of any home user who has been the target of a DoS?
Is it really that serious a threat? All I can find is this
http://www.irchelp.org/irchelp/nuke/ and that's hardly a big deal.

Not that I don't appreciate routers and firewalls mind you, but justifying them by throwing around the word DoS attack doesn't really impress me." }-

Why are you nitpicking? Not having a firewall will make you vulnerable to DoS *plus* the other examples I gave. I never said by itself it was justification for anything. And yes, I have been a target of DoS by just running a p2p application. But that's not the point. And neither is impressing you.

-{ Quote: "About malicious memory resident code.

<big snip>" }-

You missed the point. As computer technology gets more and more sophisticated it is becoming virtually impossible for the average user to make sense of, and mainly, keep up with all the possibilities to get infected. Who would have thought that it would be possible to get an infection from clicking websites?

-{ Quote: "-{ Quote: "I know what you are referring to, even the best security scheme can fail due to user misconfiguration. But what do you prefer: a clueless user that uses his common sense or a clueless user that uses common sense, a firewall and an AV? See what I mean?" }-
Your options are impossible, since a user who uses common sense is by definition not clueless." }-

No, it's not impossible, because you fail to give proper meaning to the word "common". Today, practically everybody uses a computer, with a varied knowledge background. What is common sense for the average user has nothing to do with the knowledge that is necessary to understand all this and how to defend against it. How many times have you heard "I use dial-up so I don't need a firewall"? Unfortunately, that's common sense too.

-{ Quote: "And as explained to Notok, I'm not against security software. But I myself have done the same as Matt and gone around with nothing but a router, and I'm clean. So have many other people I know, even 'clueless' people who don't hang out at security hobbyist forums.

Isn't that impossible ?" }-

You and Matt have much more than "common sense", enough so you don't get into trouble. And just like you, I have seen people with common sense get loads of malware without any idea how they got them. That doesn't reinforce any argument. The fact is that a lot of people simply do not have the necessary judgement or knowledge to make decisions about what happens in their computers despite all the common sense they might have. That's where these tools come into play and assist them in making those decisions.

-{ Quote: "PS Do you really need an AV to tell you some strange email, from someone you don't know or with a short vague message, with a strange/dangerous attachment extension, is a worm?" }-

I probably wouldn't. But if your grandmother got an email apparently from you, harvested by a worm, it would be pretty hard to make that call. Basing decisions on attachment extensions already requires experience that might fail a lot of people that have common sense. There are pitfalls like double extensions, and Windows is becoming more visual by creating icons specific to the file type. And there are ways to change those icons so they don't appear to be what they are.

From your description it would seem impossible to fall victim to a worm, virus or phishing scam, but that's what's been happening. Or maybe you believe ALL those victims are stupid and don't have common sense?

Safe sex means "use a condom". Period. Safe hex means... The list is virtually endless, depends on what you do with computers and is changing all the time. Pretty simple? Yeah, right...

richrf
June 10th, 2005, 02:17 PM
Hi alien51,

I agree with your position. Most people are aware of the problems with surfing on the Internet (most have either lost data or have had their privacy invaded in some fashion) and are seeking practical advice on how to begin securing their system. Slogans, such as "safe hex" are ambiguous, pretty meaningless, and ultimately impractical.

Rich

Pollmaster
June 11th, 2005, 03:25 AM
-{ Quote: "I disagree that there is not much that can be done against a zero day exploit. There are more than a few companies out there developing solutions that block unknown exploits....some work better than others but there are some solutions to zero day exploits and some solutions are getting better and better each day." }-

If you say so. You could pay Idefend tens of thousands of bucks to keep updated about the latest zero day exploits not published yet, I suppose.

But barring that, the fact is, by definition a zero day exploit is something unknown, so how can a reliable solution exist? You can tighten and harden OS security, but does that really provide reliable zero day exploit protection?

If you have more information about how reliable zero day exploit protection works, do educate me.

-{ Quote: "Now I also believe that common sense is the best defense but it is also good to have to have some protection. I know that I use a lot of common sense but there are some days that I am just clicking on things fast and there have been times that I have clicked on the wrong thing or have done the wrong thing and I feel safer having the security software that I have on my computer on here......especially since I do a lot of traveling with this laptop and hook up into all types of networks all over the world (In a few days I will be going to Singapore, my favorite city)." }-

And what is wrong with Singapore? The last time I checked, it was hardly hacker heaven. Now China.....


-{ Quote: "I happen to like having some of the security that I have on my computer when I hook up to some strange network in Indonesia or the Philippines or some place like that.....but then again...I am not the average user." }-

So you agree what you are saying has no relevance to average users? :)

Pollmaster
June 11th, 2005, 03:55 AM
-{ Quote: "Why are you nitpicking? Not having a firewall will make you vulnerable to DoS *plus* the other examples I gave. I never said by itself it was justification for anything. And yes, I have been a target of DoS by just running a p2p application. But that's not the point. And neither is impressing you." }-

I'm 'nitpicking' because handwaving about threats that are not really practical or common is spreading FUD. Certain members of this forum (not you) are very prone to that, and when I call them on it, they run away. In fact, one of them has apparently decided not to answer me directly, to avoid looking foolish, but is content instead to snipe at me by answering other posts.



-{ Quote: "You missed the point. As computer technology gets more and more sophisticated it is becoming virtually impossible for the average user to make sense of, and mainly, keep up with all the possibilities to get infected." }-

And they have the sophistication to keep up with "proactive defensive tools" like PG and RD that some people are calling the most important tools ever?



-{ Quote: "Who would have thought that it would be possible to get an infection from clicking websites?" }-

LOL, people think it's possible to get infected just by reading a text file. Getting infected by going to a website would hardly surprise them.


-{ Quote: "No, it's not impossible, because you fail to give proper meaning to the word "common". Today, practically everybody uses a computer, with a varied knowledge background. What is common sense for the average user has nothing to do with the knowledge that is necessary to understand all this and how to defend against it. How many times have you heard "I use dial-up so I don't need a firewall"? Unfortunately, that's common sense too." }-

Fair enough. The fact is though, if I can educate my 70-year-old Dad to keep his PC safe despite not running any AV real time monitor, I'm not sure if it's really that hard. Certainly it isn't harder than learning how to play with the security tools that are so popular here.

-{ Quote: "You and Matt have much more than "common sense", enough so you don't get into trouble. And just like you, I have seen people with common sense get loads of malware without any idea how they got them. That doesn't reinforce any argument. The fact is that a lot of people simply do not have the necessary judgement or knowledge to make decisions about what happens in their computers despite all the common sense they might have. That's where these tools come into play and assist them in making those decisions." }-

My point is, which I'm sure you have already implicitly agreed to, that a clueless user that relies only on tools is hardly any more protected. How many times have you seen someone post that he got infected by opening a strange email attachment because his antivirus said it was okay?

Actually not much nowadays, because the knowledge of being careful with email attachments has trickled down to the masses.

-{ Quote: "I probably wouldn't. But if your grandmother got an email apparently from you, harvested by a worm, it would be pretty hard to make that call. Basing decisions on attachment extensions already requires experience that might fail a lot of people that have common sense." }-

Actually my Dad (retired, non-tech profession) is in the exact situation you mention. And he has no problem at all figuring out which email is a worm.

Like most people I expect he figures out which email is suspect, not by looking at attachments (that's a little technical), but by the practise of common sense.

He usually looks at the context of the email body; anything that is overly short or vague is suspect. It helps that I don't have the habit of sending one-liner emails. Anyone who does that is likely to get his email junked these days.

Of course, it helps that he doesn't use a shitty email client.

So there! Software+knowledge.


-{ Quote: "From your description it would seem impossible to fall victim to a worm, virus or phishing scam, but that's what's been happening. Or maybe you believe ALL those victims are stupid and don't have common sense?" }-

It isn't impossible to fall victim to a virus, worm, or phishing scam, it's just difficult if you are even slightly clued in. Everyone seems to feel the need to underestimate Average Joe (why, I don't know, except maybe to make oneself feel good?), but my own experience is that many already know what to do, and for those who don't (they get infected), an hour or two of 'lecturing' is sufficient.

Some still get infected, don't get me wrong, but those are people who know that they are doing the wrong thing but do it anyway.

-{ Quote: "Safe sex means "use a condom". Period. Safe hex means... The list is virtually endless, depends on what you do with computers and is changing all the time. Pretty simple? Yeah, right..." }-

And using the countless anti-x tools is a lot simpler? Trying to figure out if product X covers malware Y, trying to figure out why software Z conflicts with software X, pop-ups flashing at you about process X injecting into process Y is a lot easier?

By God, that's the reason why newbie forums like this exist! And I'm still confused by all these toys :)

And as always, when I advocate safe practices as the number 1 line of defense, people seem to think that I'm advocating not running any protection software. It's a strawman argument.

What I'm saying is that if you want to help, make sure you teach them common ways to protect themselves , knowledge that is likely to last them longer than any security product, instead of trying to turn their machine into a clone of yours, running the exact same setup.

Of course, some people around here seem to be so worried about keeping their fave software developer from starving, to the extent that they are asking the vendors to raise prices! So promoting one or two paid products might be a good idea.
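As an added illustration of the two heuristics argued over in the post above (judging a mail by its attachment extension versus by the context of its body), here is a small triage script. It is not the poster's code; the two sample messages are constructed inline, the "grandmother" recipient address is made up, and the twelve-word cutoff for a "short, vague" body is an assumption, not a figure from the thread.

```python
"""Triage of e-mail attachments and body text, as an added illustration.

Constructed sample messages stand in for real mail; nothing here is the
original poster's code. The word-count threshold is an assumption.
"""
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that mass-mailing worms of the period commonly used for their payload.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
MIN_BODY_WORDS = 12  # assumption: one-liners are treated as suspect, as the post suggests


def build_message(sender, subject, body, attachments):
    """Assemble a sample message; attachments is a list of (name, data, maintype, subtype)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "grandmother@example.invalid"   # made-up recipient
    msg["Subject"] = subject
    msg.set_content(body)
    for name, data, maintype, subtype in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return msg.as_bytes()


def attachment_findings(msg):
    """Flag executable attachments and the 'report.pdf.scr' double-extension trick."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append(f"executable attachment: {name}")
            if os.path.splitext(stem)[1]:   # a decoy extension sits in front of the real one
                findings.append(f"double extension: {name}")
    return findings


def body_findings(msg):
    """Apply the human heuristic from the post: a terse, context-free body is suspect."""
    part = msg.get_body(preferencelist=("plain",))
    words = part.get_content().split() if part is not None else []
    return [f"short body ({len(words)} words)"] if len(words) < MIN_BODY_WORDS else []


def triage(raw):
    """Return a verdict for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = attachment_findings(msg) + body_findings(msg)
    return {"subject": msg["Subject"], "suspicious": bool(reasons), "reasons": reasons}


# Constructed samples: a worm-style mail forged "from" a relative, and a genuine one.
WORM_SAMPLE = build_message(
    "you@example.invalid", "Re: your document", "See attached.",
    [("report.pdf.scr", b"MZ\x90\x00", "application", "octet-stream")],
)
LEGIT_SAMPLE = build_message(
    "you@example.invalid", "Holiday photos",
    "Hi Gran, here are the photos from the beach last weekend. The weather was great "
    "and the kids loved the water. Call me when you have had a look at them.",
    [("beach.jpg", b"\xff\xd8\xff\xe0", "image", "jpeg")],
)

if __name__ == "__main__":
    for sample in (WORM_SAMPLE, LEGIT_SAMPLE):
        print(triage(sample))
```

The attachment test is the mechanical rule; the body-length test is the "common sense" rule the post describes, written down so it can be applied without a human in the loop. Either alone misses something: a worm that sends a real-looking paragraph passes the body check, and a mail whose payload is a link rather than an attachment passes the first, so both findings are collected rather than short-circuiting on the first hit.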

Starrob
June 11th, 2005, 06:21 AM
-{ Quote: "And what is wrong with Singapore ? The last time I checked, it was hardly hacker heaven. Now China....." }-


Nothing wrong with Singapore. Singapore is more civilized than the USA to me.....but I am also going to Jakarta, Indonesia,,,,,,Indonesia is a bit of a wild lands......piracy runs rampant there....What's the latest movie? I can get it for less than a dollar in Indonesia....LOL.....security on the internet there is about as bad as China...or the Philippines, or just about any other country in that area.

Starrob
June 11th, 2005, 06:25 AM
-{ Quote: "If you say so. " }-

Yes, I do say so....I have never been hit with a zero day infection and the likelihood that I ever will is low. Not impossible but not probable either.


Starrob

Starrob
June 11th, 2005, 06:46 AM
-{ Quote: "So you agree what you are saying has no relevance to average users? :)" }-


That is not for me or you to determine...It is up to the "average user" (Whatever that means) to determine whether what I write or say has relevance.

My father only surfs certain websites. He is sort of older...He would not understand very much that is talked about on here...He would not understand what was meant by "common sense" on a computer, but also I don't load up his computer with KAV, PG, RD, SSM, REGRUN or PREVX because he would not understand that either.

For him, I simply leave the Norton suite that came with the computer on, add some hosts files, Spybot and SpywareBlaster, and he has never been infected.

Every situation is different....some people operate their computer dangerously and need extra protection....others only surf security forums and dont need extra protection. What is FUD for some is a necessity for others.

Most people like painting everyone into the same box, and not everyone is the same. I have seen posts where some claim they can run without any security software whatsoever....not even a firewall, and they claim to never get infected.

Others claim to be loaded down with security programs....claim to have lots of knowledge and common sense but yet sometimes they get infected.

If someone wants to put so much security software on their computer so the computer operates at almost a standstill then more power to them....If someone operates with no security software...then more power to them.

Over time, I move increasingly away from wanting everyone to do just like I do and towards encouraging everyone to think for themselves. Everyone do what you want with your computer, for after all it is yours. Choose to listen or not listen to anyone you want to on this board or any other board for that matter, but don't take people's word as Gospel....read what they say and think it out for yourself and come to a satisfactory solution for your own personal situation.


Starrob

Rmus
June 11th, 2005, 11:46 AM
-{ Quote: "…The fact is though, if I can educate my 70 year old Dad, to keep his PC safe, despite not running any AV real time monitor, I'm not sure if it's really that hard…

It isn't impossible to fall victim of a virus,worm, or phishing scam, it's just difficult if you are even slightly clued in. Everyone seems to feel the need to underestimate Average Joe (why I don't know, except maybe to make oneself feel good?) , but my own experience is that many already know what to do, and for those who don't ( they get infected), an hour or two of 'lecturing' is sufficient. " }-Now, that's the most sensible thing you've written :)

Actually, I would begin even before the lecture - take her/him to watch the computer being assembled. This is what we do (a small group of friends who help people get started, or start over) - at a local custom shop. She/he gets to see what’s inside the computer - - why, it’s not so mysterious after all! Not that the user is necessarily going to tinker inside the case, but basic understanding of what a computer "is" is the beginning of security awareness. Our lecturing begins with the actual hooking up of everything once we get the system in the home, and goes from there.

Our users have a firewall, and that’s it, except in two cases where we have Deep Freeze. Actually, two use Win98 and don’t even have a firewall. No unwanted intrusions have ever been experienced.

Pollmaster, it does no good to argue in these posts - - unless you just enjoy doing it 8) - - because you are not going to convince anyone to change her/his mind, and not *one* useful piece of information ever comes out of these arguments.

Most of the posting on these forums is involved in fixing problems and discussing products. Nothing wrong with that, but there is certainly a need for a place to talk about teaching security, and I think what you have to say about this is important and would be more useful if you would just outline step by step what you do, and let people take it or leave it.

I have done that several times a few months ago - - you’ll get a few positive responses, then the thread will take off in a different direction and the "my product is better than yours" rant will take over. But that’s OK - you will have made a useful contribution.

-rich
________________
~~Be ALERT!!! ~~

Just wondering
June 11th, 2005, 01:06 PM
-{ Quote: "Of course, some people around here seem to be so worried about keeping their fave software developer from starving, to the extent that they are asking the vendors to raise prices!" }-

Darn near spit out my coffee after reading that, I was laughing so hard.

Pollmaster
June 11th, 2005, 01:06 PM
-{ Quote: "Yes, I do say so....I never been hit with a zero day infection and the likelihood that I ever will is low. Not impossible but not probable either.
Starrob" }-

Of course, but you never being hit by a zero day exploit does not mean that whatever product you are relying on against them works.

The number of people hit by a zero day exploit (I'm talking about the home user context), you will find, is extremely, extremely low. Much rarer than a worm slipping through an AV before an update was created, for sure.

-{ Quote: "Nothing wrong with Singapore. Singapore is more civilized than the USA to me.....
" }-

Except you can't get chewing gum, and you get caned if you don't flush the toilet. And there is no freedom of speech.


-{ Quote: "
but I am also going to Jakarta, Indonesia,,,,,,Indonesia is a bit of a wild lands......piracy runs rampant there....What's the latest movie? I can get it for less than a dollar in Indonesia....LOL.....security on the internet there is about as bad as China...or the Philippines, or just about any other country in that area." }-

Piracy is rampant in Asia, even Singapore, though it's less serious now.

Pollmaster
June 11th, 2005, 01:12 PM
-{ Quote: "
Pollmaster, it does no good to argue in these posts - - unless you just enjoy doing it 8) - - because you are not going to convince anyone to change her/his mind, and not *one* useful piece of information ever comes out of these arguments.
" }-

You are probably right, though occasionally in the course of these arguments, some people (including me) do learn something.

In any case, I shall stop.

-{ Quote: "
I have done that several times a few months ago - - you’ll get a few positive responses, then the thread will take off in a different direction and the "my product is better than yours" rant will take over.
" }-

Sadly that is always the case, where's the thread?

Rmus
June 11th, 2005, 01:22 PM
-{ Quote: "Sadly that is always the case, where's the thread?" }-Here's one I did on Wilders. I had hoped that more people would describe how they would teach someone just getting started in computing, and then lead into how they teach security awareness:

http://www.wilderssecurity.com/showthread.php?t=73778

-rich
________________
~~Be ALERT!!! ~~

Starrob
June 11th, 2005, 01:30 PM
-{ Quote: "Of course, but you never being hit by a zero day exploit does not mean whatever product you are relying against them work." }-


It also does not mean that the products will not work either. There are some products out there that probably do a great deal of what is advertised.

I also don't simply rely on products. I do a certain amount of system hardening and I learn from the good things others do and also from others mistakes.

I don't believe in 100% solutions. A total common sense only approach is just as likely to get hit by a zero day exploit as a person who has so much security software on their computer that it takes 5 minutes to open a folder on their computer. It is just a matter of preference.

If someone wants to wait 5 minutes to open a file on their computer then it is none of my business. If someone wants to operate with no security software whatsoever, it is none of my business. My business is my own computer and how I can better defend it. If you have specific examples of how a computer can be better defended then I am interested to hear that. I am always looking for best of breed solutions......



Starrob

Starrob
June 11th, 2005, 01:49 PM
-{ Quote: "Here's one I did on Wilders. I had hoped that more people would describe how they would teach someone just getting started in computing, and then lead into security awareness:

http://www.wilderssecurity.com/showthread.php?t=73778

-rich
________________
~~Be ALERT!!! ~~" }-


I like your suggestions. I have been studying things like Deepfreeze. I am not sure if I will purchase it however. I don't think I will be purchasing a whole lot more security software in the next year or so until after I see what IE 7.0 and Longhorn look like. Security wise, from the little I read, most of the things that I am concerned about might become a moot point and there might be no need for extra software to defend against many of the things people are concerned about now because it might already be built into the Longhorn OS.....have to see how things turn out.....I might not like Longhorn but then again, I might....have to see.

As for Deepfreeze, as far as I know there are no exploits against it but I have run across websites where hackers are actively working to develop an exploit against it.....so who knows...maybe tomorrow....maybe a year from now some Deepfreeze user could go around thinking he is 100% safe and run across a zero day exploit that could blow up the "Deepfreeze is 100% safe" theory.

Me....I have no 100% solutions but look at solutions that can get me as near to there as possible....that is why Deepfreeze has interested me. My biggest concern with Deepfreeze is that I change things on my computer a lot....a whole lot and it might tend to be a hassle for me interacting with the program.....so I wait to see what Longhorn and IE 7.0 brings........



Starrob

richrf
June 11th, 2005, 02:18 PM
Hi Starrob,

I too looked at DeepFreeze, and came to this conclusion:

1) It cannot be considered protective. Rather, an easy way to clean a machine and keep it clean.

2) Since there are possibilities for intra-day infection, a user would still need to have security software installed, if there is any need for security software. In some climates this may not be necessary. For example, in schools and libraries, one can pre-suppose that no confidential transactions are taking place. So there is no possibility of breach of confidentiality. Under these circumstances, it is merely necessary to "rollback" the machine to a clean state each day. This works very well. (However, the assumption here may be entirely wrong, much to the surprise of a user who is indeed doing private transactions on a public system).

3) DeepFreeze's rollback will also clear any trail of an intra-day infection. This has a fairly risky downside. If a user, by chance, is infected during the day (let's say a keylogger), and has information stolen, then the user will probably never realize this - and there will be no way to ever verify. It is analogous to cleaning out the video tape of a security camera each day. All evidence of an infection is lost. In this fashion, the user never has a clue that his/her privacy has been compromised. In a more typical situation, a user, upon learning of a privacy breach, may decide to change passwords or account information so that all accounts are secured. In the above example, the user would never get a warning to perform such actions.

Therefore, I concluded that DeepFreeze has value, but in my case probably no more value than my image copy, so I decided not to purchase it. However, I do feel it is a very good solution under the right circumstances - e.g. a closed environment with few system updates. I think the company has itself done a good job of determining its target market.

Rich
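Point 3 above (the rollback wipes the only evidence that something landed during the day) has a cheap countermeasure: hash the autostart locations right after the clean boot, hash them again before the nightly reboot, and write the difference somewhere the rollback does not touch. The script below is an added example of that cycle and is not code from the program under discussion. It uses a temporary directory as a stand-in for the Startup folder and another as a stand-in for a "thawed" partition or a USB stick (the assumption being that some storage survives the rollback); the dropped filename and shortcut contents are invented for the demo.

```python
"""Baseline-and-diff of an autostart location, as an added illustration of
keeping an intrusion trail that a daily rollback would otherwise erase.

Not code from the thread or from the rollback product being discussed. A
temporary directory stands in for the user's Startup folder and another for a
thawed partition or USB drive (assumption: some storage survives the rollback).
The dropped filename is invented for the demo.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_snapshots(before, after):
    """Report files that appeared, disappeared or changed content between snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(k for k in common if before[k] != after[k]),
    }


def append_report(report, log_path):
    """Append one JSON line to a log kept outside the frozen volume, so it
    outlives the rollback and can be read the next morning."""
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(report, sort_keys=True) + "\n")


def demo():
    """Run the whole cycle on constructed data and return (report, lines_logged)."""
    with tempfile.TemporaryDirectory() as tmp:
        startup = Path(tmp, "Startup")   # stand-in for the Startup folder (frozen)
        thawed = Path(tmp, "thawed")     # stand-in for storage that survives rollback
        startup.mkdir()
        thawed.mkdir()
        (startup / "Office Startup.lnk").write_bytes(b"L\x00\x00\x00legit")
        before = snapshot(startup)       # taken right after the clean boot

        # Simulated intra-day infection: a dropper lands in Startup and the
        # existing shortcut is rewritten to point somewhere else.
        (startup / "svchost32.exe").write_bytes(b"MZ\x90\x00dropper")
        (startup / "Office Startup.lnk").write_bytes(b"L\x00\x00\x00tampered")

        report = diff_snapshots(before, snapshot(startup))  # taken just before shutdown
        log_path = thawed / "autostart-changes.log"
        append_report(report, log_path)
        logged = log_path.read_text(encoding="utf-8").splitlines()
        return report, len(logged)


if __name__ == "__main__":
    print(demo()[0])
```

On a real machine you would point snapshot() at the Startup folders and at an export of the Run keys, schedule the "before shutdown" pass as a shutdown script, and read the log on the thawed drive the next day; a non-empty "added" or "changed" list is the cue to change passwords that the previous point says the user would otherwise never get.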

controler
June 11th, 2005, 02:38 PM
Did anyone mention port scans?

They are going on at all times over the internet.

I on the other hand do think programs like Deepfreeze, Shadowuser are good for home users along with some other software such as a good firewall, AT, AV & a program such as PG, regrun & SSM.
Not saying you need all of them installed at the same time.
Another good one would be to use a drive image program. I used to beta for
Drive Image & Ghost.
I find reformatting is best in my case along with what I already own. In my case I don't install a ton of security apps for my protection but rather out of my curiosity & trying to help the developers when I can.

controler
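Since port scans came up in the post above without anyone saying what one looks like from the receiving end, here is an added example of spotting one in a firewall drop log. It is not the poster's code. The log lines are constructed here in the field order the Windows Firewall pfirewall.log uses (date, time, action, protocol, source IP, destination IP, source port, destination port); the one-minute window and the ten-distinct-ports threshold are assumed values, not a published rule.

```python
"""Port-scan detection over firewall drop logs, as an added illustration.

The log lines are constructed in the W3C-style field order that the Windows
Firewall pfirewall.log uses (date time action protocol src-ip dst-ip src-port
dst-port ...); this is not code from the thread. The window and the
distinct-port threshold are assumed values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumption: look back one minute per source
THRESHOLD = 10                   # assumption: distinct destination ports that count as a scan


def parse_line(line):
    """Parse one log line into a dict, or return None for comments and short lines."""
    if not line or line.startswith("#"):
        return None
    f = line.split()
    if len(f) < 8:
        return None
    stamp = datetime.strptime(f"{f[0]} {f[1]}", "%Y-%m-%d %H:%M:%S")
    return {"ts": stamp, "action": f[2], "proto": f[3], "src": f[4],
            "dst": f[5], "sport": int(f[6]), "dport": int(f[7])}


def detect_scans(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: sorted distinct ports} for sources whose dropped packets
    touched at least `threshold` distinct destination ports inside `window`.

    A per-source sliding window separates one host walking many ports (a scan)
    from many hosts each probing one port (worm background noise), which a
    naive "count DROPs per source" rule cannot tell apart. Lines from the same
    source are assumed to be in time order.
    """
    recent = defaultdict(deque)   # src -> deque of (timestamp, dport)
    alerts = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] != "DROP":
            continue
        q = recent[ev["src"]]
        q.append((ev["ts"], ev["dport"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold:
            alerts[ev["src"]] = sorted(ports)   # keep the latest view of the window
    return alerts


# Constructed sample: one host sweeps twelve ports in twelve seconds, several
# other hosts each poke TCP/445 once, and one outbound OPEN line is unrelated.
SCAN_PORTS = [21, 22, 23, 25, 80, 135, 139, 443, 445, 1025, 3389, 5000]
SAMPLE_LOG = ["#Fields: date time action protocol src-ip dst-ip src-port dst-port"] + [
    f"2005-06-11 13:06:{i:02d} DROP TCP 203.0.113.7 192.168.1.5 {40000 + i} {port}"
    for i, port in enumerate(SCAN_PORTS)
] + [
    "2005-06-11 13:06:05 DROP TCP 198.51.100.2 192.168.1.5 3123 445",
    "2005-06-11 13:06:09 DROP TCP 198.51.100.9 192.168.1.5 4411 445",
    "2005-06-11 13:06:14 DROP TCP 198.51.100.17 192.168.1.5 1033 445",
    "2005-06-11 13:06:30 DROP UDP 198.51.100.2 192.168.1.5 137 137",
    "2005-06-11 13:07:00 OPEN TCP 192.168.1.5 198.51.100.99 1045 80",
]
NOISE_ONLY = SAMPLE_LOG[:1] + SAMPLE_LOG[1 + len(SCAN_PORTS):]

if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} distinct ports {ports}")
```

The three hosts that each hit 445 once are what a home user's log is full of in this period; they never trip the rule because the window is kept per source and counts distinct ports, not packets. Run it against a real pfirewall.log by feeding the file's lines into detect_scans(), and expect to tune the two constants to the noise level of the connection.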

Rmus
June 11th, 2005, 03:36 PM
-{ Quote: "I like your suggestions. I have been studying things like Deepfreeze. I am not sure if I will purchase it however. I don't think I will be purchasing a whole lot more security software in the next year or so until after I see what IE 7.0 and Longhorn looks like. " }-
-{ Quote: "Therefore, I concluded that DeepFreeze has value, but in my case probably no more value than my image copy, so I decided not to purchase it. However, I do feel it is a very good solution under the right circumstances - e.g. a closed environment with few system updates. I think the company has itself done a good job of determining its target market." }-
-{ Quote: "I on the other hand do think programs like Deepfreeze, Shadowuser are good for home users along with some other software such as a good firewall, AT, AV & a program such as PG, regrun & SSM.controler" }-
Three people coming to different conclusions, based on what the individual needs are.

This is why it's normally not constructive to make a blanket statement, "here's what you need." Rather, show how and why you concluded that what you are suggesting works for you.

I suggested in another forum, adopt a beginner (or one who will start over and wants to learn good computing habits) - develop your own system of teaching the basics of computing and computing security. Help them set up the security that will meet their needs. If all they do is check email and write letters, they won't need much. (Yes, I know some who don't surf!)

It's a very rewarding endeavor.

-rich
________________
~~Be ALERT!!! ~~

richrf
June 11th, 2005, 04:15 PM
Hi Rmus,

As for myself, what I find most useful are the rationales that people use in making a particular security decision. Since the permutations of possibilities are quite numerous, it is useful to know how someone arrived at a particular decision.

For example, when several forum members explained why they were personally not concerned about Buffer Overflow vulnerabilities on their personal computer, it made lots of sense to me, and I took a similar perspective.

A more rigorous approach to understanding security would be very useful, but as things stand, the PC world is more "network oriented" (no beginning or end) vs. a more hierarchical world, and therefore it is more difficult to find a reasonable "path". But I think a person can sort things out for himself/herself over time, if they understand the individual vulnerabilities and approaches to securing oneself against these vulnerabilities. In this respect, your essay on AntiX was very useful to many of us forum members. Thanks for taking the time to inform us of your perspective.

Rich

controler
June 11th, 2005, 04:22 PM
I agree Rich and that is what I have been doing for years.
I don't fix as many computers as I used to, but I always run into people that think they know it all about computers. Must be the new generation LOL
Before XP & the newer computers came out, I wrote a nice step by step procedure for partitioning & reformatting your hard drive. Even my 7 year old son could follow it at the time. Now all you do is put the install CD in and reboot.
You always get those that say oh dear, I have so much on my computer I can't redo it, but really, what do they have that can't be backed up to a simple device such as a USB flash drive, & if they have a ton of music or movies, they SHOULD be storing that on a separate HD anyway. Not many people understand how full of crap Windows gets even without installing a lot of software. For the common user I do agree, keep it simple. I doubt many Wilders members keep it simple though. If so, it would be the minority.

For me, my computer knowledge dates back to the late 70's. My electronics dates back to the time when they taught putting an o-scope on the I/O lines to troubleshoot physical problems.
Nowadays things are so cheap, why bother.
It is always fun to reflect back on the early days of computers & the internet.
Not many also remember when a basic computer was the size of a garage.
The younger generation can't even imagine doing math in school without a calc.
This doesn't mean I live in the dino age but rather have kept up all along and in some cases tried to stay ahead of the game.
Ya, I am old LOL

You can be typing away with a wireless keyboard and if they wanted to, they could pick up all the strokes typed from a block away, encryption not helping. So ya it can all get too deep & paranoid at times if you let it.
I just have fun testing and trying to help in what little ways I can.


controler

Starrob
June 11th, 2005, 07:34 PM
I just read this article: http://www.eweek.com/article2/0,1759,1826269,00.asp

It appears that Microsoft might be getting the message concerning security. If they are actually able to implement things such as "Low-rights IE" correctly then I am unsure how much added value that a lot of the security software that is on the market today will have.

I am interested to see Longhorn & IE 7.0. If the advantages outweigh the disadvantages then I will be sure to upgrade...

I am not sure if there is much of a need for a dedicated AS or AT or other malware solutions if they are able to implement the things that are talked about in that article. If they get it right, the threats from malware will go way down...

Here is a quote from the article:



"We are using the same Longhorn security infrastructure to limit IE to just enough privileges to browse the Web but not enough to modify user files or settings by default," Franco said.

Even if an attacker attempts to exploit an IE flaw, the code won't have enough privileges to install software, copy files to start-up folder, or hijack the browser home page or search provider settings, he added.

He said the primary goal of low-rights in IE 7.0 is to "restrict the impact of a security vulnerability while maintaining compatibility."




If a "low-rights IE" is done right, the threats from something like a rootkit goes way down (because the user will have to go through the extra step of granting the rootkit administrative rights)....as well as threats from from things like CWS, IST and lots of other malware. What are the AV, AT, AS companies to do then?

I think there will most likely always be a place for AV's or malware detectors but I have a feeling that the industry will probably consolidate with many of the weaker players fading away under Microsoft's increased emphasis on security.

What are other people's thoughts on this...both positive and negative?



Starrob

Notok
June 11th, 2005, 08:10 PM
This is the same effect as running under a limited user account, and exactly the same as using DropMyRights (see the first page in my sig, towards the bottom) It can help tremendously, but it's not a cure-all. For the most part it will mean that the malware writers will just have to try harder and use more exploits. I already use my internet software this way :) (eMule already even has this built in)

Starrob
June 15th, 2005, 02:16 PM
-{ Quote: "This is the same effect as running under a limited user account, and exactly the same as using DropMyRights (see the first page in my sig, towards the bottom) It can help tremendously, but it's not a cure-all. For the most part it will mean that the malware writers will just have to try harder and use more exploits. I already use my internet software this way :) (eMule already even has this built in)" }-


Do you also use PIVX or some other system hardening? I am interested in what people think of PIVX.



Starrob

Notok
June 15th, 2005, 02:32 PM
Yes and yes :) I'm currently using PreEmpt beta, which is the successor to Qwik-Fix (currently the same fixes, different UI and internals.) I'm pretty happy with Pivx' products, but I've got kind of a hot/cold relationship with their support staff. Nevertheless, Qwik-Fix has been great, works 100% transparently and supports some options that others do not, including protection for 3rd party software, IE hardening that doesn't break anything, and fixes for buffer overflow vulnerabilities. PreEmpt has some alerts for when certain exploits are tried as well.

I also use Computer Security Tool (http://www.getdata.com/) which I have been doing beta testing for since before v1 and will be helping with IE hardening (I'm excited about that :) ) This one does some of the more basic stuff that none of the others cover, and will be doing some very cool stuff in the future.

After that I usually use WWDC and HardenIt. Those particular 4 I favor for maximum compatibility with just about everything, but going all free isn't bad either (especially if you don't use IE.) Sometimes I use SafeXP as well, but mainly because I like its interface. After HardenIt these freebies only offer one or two options that the paid ones do not.. that's set to change, and it should be noted that the paid ones offer a bunch of options that the free ones do not.

I've actually taken some very high risk users and added AV/FW and hardened their system (some with just Qwik-Fix, others with a few free tools) with great results. In my experience, if you add nothing more than hardening to the standard AV/FW setup, you'll be way ahead of the game.

Pollmaster
June 21st, 2005, 01:31 PM
-{ Quote: "It also does not mean that the products will not work either. " }-

It does mean you don't know if they work

-{ Quote: "There are some products out there that probably do a great deal of what is advertised." }-

You know of a couple zero day exploits to test with? ::)

-{ Quote: "

I don't believe in 100% solutions. A total common sense only approach is just as likely to get hit by a zero day exploit as a person who has so much security software on their computer that it takes 5 minutes to open a folder on their computer. It is just a matter of preference.
" }-

If there's no difference between a common sense approach and one with tons of security software in terms of being vulnerable to a zero day, the choice any rational person would make is simple (except for security hobbyists)


-{ Quote: "I always looking for best of breed solutions......" }-

Sadly, I cannot reveal some of my own patented solutions.

Starrob
June 21st, 2005, 02:09 PM
-{ Quote: "It does mean you don't know if they work" }-

Just as I don't know if common sense would work either.



-{ Quote: "You know of a couple zero day exploits to test with? ::)" }-

maybe



-{ Quote: "If there's no difference between a common sense approach and one with tons of security software in terms of being vulernable to a zero day, the choice any rational person would make is simple (except for security hobbyists)" }-

There might be a big difference depending on the person involved. Common sense is an awfully big term covering many things. No one knows everything and some security software might cover some holes for some people that have neither the time nor inclination nor brainpower to learn others' rules of "common sense". Everyone is different.....each person has different needs. Nothing is Gospel. What you need may be different from what others need. Evangelists hate me cuz I leave their minds twisted....LOL...for the Evangelist has a certain belief in things being a certain way but me, I am a relativist and believe multiple realities are possible and one of those realities contains computers jammed to the gills with security software and another reality contains no security software whatsoever and everything in between,,,,It is hard for me to call one person's solution the "ULTIMATE" that applies to everyone. If this were so then "God" might as well have made the world full of clones.


-{ Quote: "I always looking for best of breed solutions......" }-

-{ Quote: "Sadly, I cannot reveal some of my own patented solutions." }-

Too bad. I would have been interested to hear them.


Starrob